Enterprise Data Protection Challenges Persist, Survey Finds

Sepaton-sponsored poll indicates that many enterprises still lag on disaster recovery planning and backup environments are strained.

Data protection has been around since the early introduction of information systems, when enterprises realized that the permanent loss of data could have deleterious, if not fatal, impacts upon their business. After decades of time and practice, you would think that enterprises would get data protection right.

But a recent survey on data protection sponsored by Sepaton reveals that some companies still do not get it, and that even the best face challenges from factors such as data growth and increased complexity of data protection environments.

Let’s look at a few of the data protection issues highlighted in the report, which polled more than 200 IT pros at large enterprises in North America and Europe with at least 1,000 employees and 50 terabytes of primary data that require protection. This was Sepaton's fifth annual Data Protection Index survey.

• Disaster recovery (DR) is lacking or potentially lacking at a number of organizations. The good news is that 17% of survey participants have an active-active DR strategy, 32% have an active-passive disk DR strategy, and 6% have replication in the cloud (a surprisingly high percentage at this stage of cloud adoption for large companies). These add up to 55% of companies that seem to have adequate DR strategies.

However, the bad news is that for 13%, DR strategy is in development, and 8% have no DR strategy. That means at least 21% have an unsatisfactory DR strategy now; recall that we are not talking about Mom and Pop outfits here, but rather enterprises with at least 1,000 employees. This is shocking because a lack of a DR strategy conceivably could expose the CIO to dereliction of a fiduciary responsibility if a disaster should occur. With the pervasiveness and integration of IT in the very fabric of enterprises, a disaster from which recovery would not be possible (including a permanent loss of data, such as accounts receivable and accounts payable) could be devastating for an enterprise.

The remaining 24% have physical tape copies stored offsite. While this is a tried and true approach, we don’t have enough information to determine if this represents an adequate DR strategy, because we do not know if there are plans to use this data to restore it on servers and storage in a non-primary site datacenter.

• A number of challenges exist for the backup environment. Forty-two percent of respondents said that they have too many backup targets, 68% said consolidating backups would save considerable costs, 71% said meeting backup windows is more difficult each year, and 46% felt that backup is not meeting their needs and requires improvement.

Whether this means the backup environment is broken is a matter of conjecture, but it clearly appears to be under significant strain, which isn't surprising given the continuing growth of data (67% reported that a full backup was more than 50 TBs), the requirement for many applications to be available 24X7, and the introduction of new applications. It would seem that the backup market might move into a stage of “unfreezing,” where users are motivated to change (which is the first stage of the Lewin-Schein change model).

• Enterprises are taking action to improve data protection. Thirty-six percent of those polled said they plan to improve backup performance, while 35% said they plan to add/improve replication for DR. Furthermore, 23% said they plan to consolidate multiple backup targets into fewer, more efficient systems, which should help reduce the complexity of the backup environment.

The bottom line is that although the survey indicates that there are challenges in the disaster recovery and backup environments, at least a good of number of IT organizations recognize those challenges and are trying to address them.

Mesabi Musings

However, the question that remains unanswered is whether or not this will be sufficient. For example, the numbers relating to inadequate disaster recovery are roughly the same as in a similar survey that Sepaton conducted a year ago.

Let’s face it: Data protection is not the poster child for what IT does. Even within the information infrastructure, other topics such as server virtualization and the cloud are more glamorous. Yet if the backup data cannot be restored for an operational recovery (failure of a mission-critical system) or applications with their data cannot be restored after a disaster, all else is for naught.

Action, not words, is essential. IT must establish data governance policies that include data protection, determine the gap between what is and what should be, how much it would cost to close the gap, and calculate the risk to the business for not closing the gap. Then the business can make an informed decision on what to do.

Sepaton is a client of David Hill and the Mesabi Group.

David Hill is principal of Mesabi Group LLC, which focuses on helping organizations make complex IT infrastructure decisions simpler and easier to understand. He is the author of the book "Data Protection: Governance, Risk Management, and Compliance." View Full Bio